Reputation: 2852
Azure Artifacts gives 401 error on publishing a nuget package
Pushing a Nuget package to Azure Artifacts always gives 401 error. Note that the API key was just copied from Azure portal. What could be the issue?
dotnet nuget push out/MonoTorrent.1.0.39.nupkg -s "myfeed" -k "myapikey"
Output:
Pushing MonoTorrent.1.0.39.nupkg to 'https://pkgs.dev.azure.com/myacct/c7fc868d-fd14-4f27-a36a-8ff9add6482c/_packaging/c2fe5b0f-251b-4017-9848-ed4b906d9fc0/nuget/v2/'...
Unauthorized https://pkgs.dev.azure.com/myacct/c7fc868d-fd14-4f27-a36a-8ff9add6482c/_packaging/c2fe5b0f-251b-4017-9848-ed4b906d9fc0/nuget/v2/ 1248ms
error: Response status code does not indicate success: 401 (Unauthorized).
Nuget.Config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<packageSources>
<clear />
<add key="myfeed" value="https://pkgs.dev.azure.com/myacct/myproject/_packaging/myfeed/nuget/v3/index.json" />
</packageSources>
<myfeed>
<add key="Username" value="myliveidemail" />
<add key="ClearTextPassword" value="myapikey" />
</myfeed>
</configuration>
Upvotes: 9
Views: 10095
Answers (4)
Reputation: 3517
You need to make sure that your "[ProjectName] Build Service" or "Project Collection Build Service"
(which one depends on your project configuration in Azure DevOps - for test assign both)
has correct permissions in the Artifacts -> Settings -> Permissions.
(You need Feed Publisher to publish packages.)
If that is done then you do not need any PATs or AccessTokens.
What you need is task - NuGetAuthenticate with empty param.
This works for me:
- stage: RunAll
jobs:
- job: RunAll
steps:
- task: NuGetToolInstaller@1
- task: NuGetAuthenticate@1
inputs:
nuGetServiceConnections:
- task: NuGetCommand@2
inputs:
restoreSolution: '$(solution)'
- script: 'dotnet build $(solution)'
displayName: 'Build Solution'
- script: 'dotnet pack $(packageProject) -o package'
displayName: 'Pack Project'
workingDirectory: $(solutionFolder)
- script: 'dotnet nuget push -s $(feedName) -k az --skip-duplicate ./package/*.nupkg'
displayName: 'Push $(packageProject) to $(feedName)'
workingDirectory: $(solutionFolder)
My folder structure is
/$(solutionFolder)/nuget.config
/$(solutionFolder)/solutionName.sln
/$(solutionFolder)/projectFolder/projectName.csproj
My nuget.config contains definition of my feed without username and password.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<packageSources>
<clear />
<add key="FeedKey" value="https://pkgs.dev.azure.com/[org]/[project]/_packaging/[feed]/nuget/v3/index.json" />
</packageSources>
</configuration>
Works like a charm.
Upvotes: 0
Reputation: 1293
Goto https://dev.azure.com/YOUR_ORGANIZATION/_usersSettings/tokens and create a token. Use token name as username and generated token value as a password for dotnet nuget push commands.
Upvotes: 0
Reputation: 2524
Try from the Package Manager Console,
NuGet push -apikey <key> -source "feed_name" ./mypackage-1.0.1.nupkg
Note the PMC version of NuGet requires -apikey and -source (-k and -s don't work)
For whatever reason, PMC works for me but dotnet nuget gives me a 401.
Upvotes: 2
Reputation: 28126
1.Looks like you're trying to add the credentials into Nuget.config file, this is not recommended because:
We strongly recommend not checking your PAT into source control. Anyone with access to your PAT can gain access to your Azure DevOps Services.
Though it's not recommended, it should work. For me I use command like:
dotnet nuget push --source "myfeed" --api-key az Test.1.0.0.nupkg
And the Nuget.config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<packageSources>
<clear />
<add key="myfeed" value="https://pkgs.dev.azure.com/myacct/myproject/_packaging/myfeed/nuget/v3/index.json" />
</packageSources>
<packageSourceCredentials>
<myfeed>
<add key="Username" value="lancel" />
<add key="ClearTextPassword" value="YourPat, instead of the APIkey" />
</myfeed>
</packageSourceCredentials>
</configuration>
It means you'll need to create PAT which is scoped to the organization(s) you want to access with following permissions: Packaging (read), Packaging (read and write), or Packaging (read, write, and manage).
Then it should be <add key="ClearTextPassword" value="%PAT%" />.
2.And another direction is to use Azure Artifacts Credential Provider in non-interactive scenarios.
Run the helper script to install it automatically and set a VSS_NUGET_EXTERNAL_FEED_ENDPOINTS variable. The value of this variable should be:
{"endpointCredentials": [{"endpoint":"https://pkgs.dev.azure.com/myacct/myproject/_packaging/myfeed/nuget/v3/index.json", "password":"PAT"}]}
Upvotes: 6
Related Questions
- Nuget restore returns 401 unauthorized during Jenkins build for packages in Azure DevOps artifacts feed
- "No packages found" when having Azure Artifact as package source
- Cannot push packages to azure artifacts feed, keeps asking for credentials
- NuGet Package Artifact not downloading in Azure Release Pipeline
- NuGet Push throws PackageExistsAsDeletedException
- How to push nuget package to Azure Artifacts?
- Getting a 405 Method Not Allowed publishing NuGet to VSTS / ADO
- error with push nuget package to azure devops artifact repository
- Publishing NuGet packages to Azure Artifacts from PR's
- VSTS NuGet Publisher - 403 (Forbidden) Error